[lxc-devel] [lxc/lxc] 368bbc: Support for automatic mounting of filesystems

Thu, 12 Sep 2013 13:36:21 -0700 

  Branch: refs/heads/staging
  Home:   https://github.com/lxc/lxc
  Commit: 368bbc02ba132cd978141f392e610adf3b9dcec8
      https://github.com/lxc/lxc/commit/368bbc02ba132cd978141f392e610adf3b9dcec8
  Author: Christian Seiler <christ...@iwakd.de>
  Date:   2013-09-12 (Thu, 12 Sep 2013)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/start.c

  Log Message:
  -----------
  Support for automatic mounting of filesystems

This patch adds the lxc.mount.auto configuration option that allows the
user to specify that certain standard filesystems should be
automatically pre-mounted when the container is started.

Currently, four things are implemented:

 - /proc          (mounted read-write)
 - /sys           (mounted read-only)
 - /sys/fs/cgroup (special logic, see mailing list discussions)
 - /proc/sysrq-trigger (see below)

/proc/sysrq-trigger may be used from within a container to trigger a
forced host reboot (echo b > /proc/sysrq-trigger) or do other things
that a container shouldn't be able to do. The logic here is to
bind-mount /dev/null over /proc/sysrq-trigger, so that that cannot
happen. This obviously only protects fully if CAP_SYS_ADMIN is not
available inside the container (otherwise that bind-mount could be
removed).

Signed-off-by: Christian Seiler <christ...@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>


  Commit: b7ed4bf0e25799fbe9e9ccb073af5397dda1288a
      https://github.com/lxc/lxc/commit/b7ed4bf0e25799fbe9e9ccb073af5397dda1288a
  Author: Christian Seiler <christ...@iwakd.de>
  Date:   2013-09-12 (Thu, 12 Sep 2013)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  Change rootfs pinning mechnism

Chane pinning mechanism: Use $rootfs/lxc.hold instead of $rootfs.hold
(in case $rootfs is a mountpoint itself), but delete the file
immediately after creating it (but keep it open). This will keep the
root filesystem busy but does not leave any unnecessary files lying
around.

Signed-off-by: Christian Seiler <christ...@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/aae1f3c47b09...b7ed4bf0e257

------------------------------------------------------------------------------
How ServiceNow helps IT people transform IT departments:
1. Consolidate legacy IT systems to a single system of record for IT
2. Standardize and globalize service processes across IT
3. Implement zero-touch automation to replace manual, redundant tasks
http://pubads.g.doubleclick.net/gampad/clk?id=51271111&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to